Official Toxic Discussion

Official discussion thread for Toxic. Please do not post any spoilers or big hints.

Comments

  • Great challenge!! Really useful to get familiarized with common web vulnerabilities. Feel free to ask for a hint

  • hint please, first challenge :disappointed:

  • Can I also have a hint :(

  • Lovely challenge! A bit different from common web vulnerabilities (especially with the added randomness), so the extra challenge was a good learning experience.

  • @Sirbot said:

    Can I also have a hint :(

    @alketsh said:
    hint please, first challenge :disappointed:

    you have a source code ;)

  • edited May 2

    I want to say this is a pretty nice challenge especially the second part ;)
    pm me for nudge

  • did it after help from @7Rocky :smiley: :

  • Can someone give me a hint on how to handle the randomness? I tried bruteforcing it, but it wasn't effective....

  • edited May 3

    @TheEmix said:

    Can someone give me a hint on how to handle the randomness? I tried bruteforcing it, but it wasn't effective....

    You need to upgrade your Low Floor Industrializer to a Really Cooperative Experience. The challenge name sort of relates to the technique. If it's not toxic nor venomous, what could it be?

    Hack The Box

  • Nice hint :lol:

  • I went a bit too quick into the exercise without realizing that the name of the flag is NOT just /flag, so don't make the same mistake...

    lebutter
    eCPPT | OSCP

  • Can someone give me a hint? I am new at this.

  • edited May 4

    Can someone explain to me what tr -dc 'a-zA-Z0-9' means? I know it might have nothing to do with solving the challenge, but I just want to understand.

  • @Eren said:
    Can someone explain to me what tr -dc 'a-zA-Z0-9' means? I know it might have nothing to do with solving the challenge, but I just want to understand.

    tr translates one set of characters to another set of characters. For example echo hackthebox | tr 'a-z' 'A-Z' would output HACKTHEBOX. The -d flag deletes a set of characters and the -c flag inverts the set so tr -dc 'a-zA-Z0-9' would delete any character that isn't a letter or a number. For example echo 'h&ck+th3B%x' | tr -dc 'a-zA-Z0-9' would output hckth3Bx.

    FWIW I didn't need this to complete this challenge but it's a good one to know about. You can find out more with man tr.

  • @ily said:

    @Eren said:
    Can someone explain to me what tr -dc 'a-zA-Z0-9' means? I know it might have nothing to do with solving the challenge, but I just want to understand.

    tr translates one set of characters to another set of characters. For example echo hackthebox | tr 'a-z' 'A-Z' would output HACKTHEBOX. The -d flag deletes a set of characters and the -c flag inverts the set so tr -dc 'a-zA-Z0-9' would delete any character that isn't a letter or a number. For example echo 'h&ck+th3B%x' | tr -dc 'a-zA-Z0-9' would output hckth3Bx.

    FWIW I didn't need this to complete this challenge but it's a good one to know about. You can find out more with man tr.

    Thank you very much. I understand it.

  • edited May 14

    .

  • Nice challenge! Also, @Fugl's hint is gold!

  • Indeed, @Fugl's post is a riddle in itself, at least for noobs like me, but after wasting hours in what turns out to be a dead end, it guided me towards the solution. Grade A comment.

  • Hello, I know we need to upgrade our Low Floor Industrializer to a Really Cooperative Experience, but the cereal isn't working. Any tips on how to make the cereal and uncereal work? I figured that I need to construct a suitable payload in the cookie :v

  • Hello, I know we need to upgrade our Low Floor Industrializer to a Really Cooperative Experience, but the cereal isn't working. Any tips on how to make the cereal and uncereal work? I figured that I need to construct a suitable payload in the cookie :v

    No need to construct a payload in the cookie, you need to upgrade in a Toxic way

  • ok thanks

  • What does "upgrade our Low Floor Industrializer to a Really Cooperative Experience" mean?

    And what is meant by "you need to upgrade in a Toxic way"?

    I never solved only before so I'm really new to this.

    Greetings

  • edited May 25

    Thanks to @Fugl for the nudge above, eventually figured out what your riddle was telling me and was finally able to move on!

  • Could anyone help? I have done the malicious edit and get a result that proves I am past the first part.

  • What a nice little challenge! ;) Really enjoyed it, even took the time to script everything out for the bruteforce before I connected the dots. :)

    dombg

  • I finished the challenge, but I was unable to get a shell. Anybody in the same boat, or am I missing something?

  • @0xd4y said:

    I finished the challenge, but I was unable to get a shell. Anybody in the same boat, or am I missing something?

    Do you have a public IP address?

    Arrexel

  • Fun challenge! Got the flag, if anyone needs any nudges, feel free to DM me. But going over the thread now, there are definitely some good hints in here.

    hadrian3689

  • Can someone PM me a hint for the second half? The other hints don't seem to make sense to me.
